That's why you should use SSL for anything like that. And signout as soon as done (regretfully some software doesn't invalidate cookies on signout, only overwrites on browser.)...

[ more ]